Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

Exchange 2007 set up using a combination of server.xxx.local and mail.xxx.com - is this normal? If not how can I correct it?

I had an outside consultant come in and help me install Exchange 2007 in our environment. They seem to have used a combination of two different FQDN's to set this up - server.xxx.local and mail.xxx.com. Is this a normal way to set up Exchange 2007?

We had to set up some kind fix to get SSL certificates working correctly since internally it resolves to the .local FQDN. It seems like it would make more sense to have set up Exchange 2007 to only use mail.xxx.com internally AND externally for any name resolution.

For example to access OWA, you go to mail.xxx.com. To set up Outlook Anywhere however you have to use a combination of both server.xxx.local in the Exchange server box and mail.xxx.com in the HTTP box.

From a logical standpoint, I would say he got confused and used two different FQDN's while setting up Exchange 2007. Am I correct, or is this a standard practice way to set up Exchange 2007 and should I leave it alone?
0
danielevans83
Asked:
danielevans83
  • 2
  • 2
1 Solution
 
danielevans83Author Commented:
In fact it even looks like NDR's from Exchange users return with the server.xxx.local header and ones that use our SMTP service return with a mail.xxx.com header.
0
 
MesthaCommented:
There is nothing wrong with that setup.
It is fairly common to have domain.local internally. Exchange can cope with that quite happily. Renaming your domain is a pain to do, so all that was done is work with that.

However you shouldn't have had to do anything special with certificates if the certificates had been done correctly. Exchange 2007 requires SAN/UC certificates, which support multiple names, including the internal domains.
So you would have mail.example.com as the common name (where example.com is your public name), then autodiscover.example.com, server (NETBIOS name) and server.example.local (internal FQDN) as alternative/additional names.

If your WINDOWS domain is example.local then you cannot really change a great deal with the way that Exchange works. The only two parts that matter are the FQDN on the Send Connectors and the SSL certificate., Everything else is fine for the .local.
Postmaster messages (NDRs) can be set to go from a specific address, usually postmaster@example.com but that is about it.

As for whether you should leave it alone or not, you don't really have much choice. To change it would be a lot of hassle, for almost no gain other than some vanity settings.

Simon.
0
 
danielevans83Author Commented:
Mestha,
Thanks for the detailed breakdown, that is really helpful.
Regarding the Exchange 2007 SSL cert, we used a standard one from Godaddy. It was licensing for the public domain so we had to do some messing around to get that to work for internal Outlook clients so it doesn't prompt them every time asking if the cert is okay.
My primary irritation with this is how Outlook Anywhere works. I'd prefer it if I could put in mail.xxx.com for the Exchange server name instead of server.xxx.local. What setting is it that controls what FQDN is used internally for Outlook to connect to it?
0
 
MesthaCommented:
When it comes to Outlook Anywhere, you cannot change the URL. The server's real internal FQDN will always appear. If you are using Outlook 2007 then Autodiscover will configure Outlook Anywhere for you automatically. If you are using Outlook 2003 then you have to configure manually before you hit next on pure external clients.

A standard SSL certificate would have given you grief - if you switched to a SAN/UC certificate then you would not have had that grief.

Simon.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now